<?php

// header('content-type:text/html; charset=utf-8');
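// Connection settings for the local MySQL server.
// NOTE(review): the credentials are hard-coded and the script connects as root.
// Load them from configuration kept outside version control, and use an account
// limited to the privileges this script needs (SELECT/INSERT on one table).
$servername = "localhost";
$username = "root";
$password = "020913";
$dbname = "myphpmysql"; // database name

$mysqli = new mysqli($servername, $username, $password, $dbname);
// Only reached when mysqli error reporting is off (the default before PHP 8.1);
// in exception mode the constructor throws instead.
if ($mysqli->connect_error) {
    // The original read $conn->connect_error, but $conn is never defined, so the
    // failure reason was lost. Read it from the handle that was actually created.
    // NOTE(review): on a public page, log this detail instead of printing it.
    die("连接失败: " . $mysqli->connect_error);
}
// Set the connection character set so client and server agree on the encoding.
// NOTE(review): MySQL's 'utf8' is the 3-byte subset; 'utf8mb4' covers all of
// Unicode. Confirm against the table definitions before switching.
$mysqli->set_charset('utf8');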


/*
// 预处理语句：用 ? 占位符把 SQL 与数据分开，参数通过 bind_param 绑定，从而防止 SQL 注入
$sql = "insert into username(username, brief) values(?, ?)";
$mysqli_stmt = $mysqli->prepare($sql);

$username = "小明";
$brief = "一个很好的同学";

// s 表示的是 string 类型, 有几个参数写几个 s
$mysqli_stmt->bind_param('ss', $username, $brief);

// 执行预处理语句
if($mysqli_stmt->execute()){
    echo $mysqli_stmt->insert_id; // 程序成功，返回插入数据表的行id
    echo PHP_EOL;
}else{
    echo $mysqli_stmt->error; // 执行失败，错误信息
}

mysqli_close($mysqli);
*/


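// Prepared statement: the single ? placeholder keeps the uid value out of the SQL
// text, so it is sent as data and cannot change the query (SQL injection defence).
$sql = "select uid, brief from username where uid = ?";
$mysqli_stmt = $mysqli->prepare($sql);
if ($mysqli_stmt === false) {
    // prepare() returns false on failure when mysqli is not in exception mode;
    // calling bind_param() on false would be a fatal error. Keep the detail in
    // the server log and show the client only a generic message.
    error_log("prepare failed: " . $mysqli->error);
    $mysqli->close();
    die("查询失败");
}

$uid = 2;
// 'i' declares one integer parameter.
$mysqli_stmt->bind_param('i', $uid);

// Run the prepared statement.
if ($mysqli_stmt->execute()) {
    // bind_result() ties the selected columns to these variables; each fetch()
    // overwrites them with the next row.
    $mysqli_stmt->bind_result($uid, $brief);
    // Walk the result set.
    while ($mysqli_stmt->fetch()) {
        // Values read back from the database are untrusted in an HTML context:
        // escape them so stored markup is displayed as text, not interpreted.
        echo "uid：" . htmlspecialchars((string) $uid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>";
        echo "简介：" . htmlspecialchars((string) $brief, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>";
    }
} else {
    // The original ignored a failed execute(); record why it failed.
    error_log("execute failed: " . $mysqli_stmt->error);
}

// Release the statement before closing the connection.
$mysqli_stmt->close();
mysqli_close($mysqli);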

